Tue Jan 22 23:40:16 UTC 2013patches/packages/mysql-5.5.29-x86_64-1_slack14.0.txz: Upgraded. Upgraded to the latest upstream version to fix security issues and provide other bug fixes and improvements. Note that some of the changes may possibly introduce incompatibilities with the previous package. (* Security fix *)+--------------------------+

Fri Feb 8 03:57:05 UTC 2013patches/packages/curl-7.29.0-x86_64-1_slack14.0.txz: Upgraded. When negotiating SASL DIGEST-MD5 authentication, the function Curl_sasl_create_digest_md5_message() uses the data provided from the server without doing the proper length checks and that data is then appended to a local fixed-size buffer on the stack. This vulnerability can be exploited by someone who is in control of a server that a libcurl based program is accessing with POP3, SMTP or IMAP. For applications that accept user provided URLs, it is also thinkable that a malicious user would feed an application with a URL to a server hosting code targeting this flaw. Affected versions: curl 7.26.0 to and including 7.28.1 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249 (* Security fix *)patches/packages/sdl-1.2.14-x86_64-6_slack14.0.txz: Rebuilt. Patched mouse clicking bug.+--------------------------+

Thu Mar 7 00:16:35 UTC 2013patches/packages/sudo-1.8.6p7-x86_64-1_slack14.0.txz: Upgraded. This update fixes security issues that could allow a user to run commands without authenticating after the password timeout has already expired. Note that the vulnerability did not permit a user to run commands other than those allowed by the sudoers policy. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776 (* Security fix *)+--------------------------+